Python tests of Access Control Lists and Privileges

[Richard Sharpe]

On Mon, Mar 26, 2012 at 2:01 AM, Andrew Bartlett <abartlet at samba.org> wrote:
> On Sun, 2012-03-25 at 22:12 -0700, Richard Sharpe wrote:
>> Hi,
>>
>> Here are my thoughts with respect to tests of the Samba ACL handling
>> and Privileges.
>>
>> It should consist of:
>>
>> 1. A set of tests, where each test is a Python function or perhaps a
>> class (not sure of the utility of classes here, hmmm, as classes we
>> can maintain useful info about each test with some interesting info
>> and a standard set of methods).
>>
>> Each test should focus on a specific item, eg: Apply a specific set of
>> ACEs in an ACL to a file and then try to access the file in ways that
>> should be allowed and ways that are not allowed.
>>
>> Privilege tests should test that a user who has privileges get the
>> access provided by those privileges, even in the presence of DENY
>> entries etc.
>>
>> Each test return True for pass, False for fail.
>>
>> Each test should use normal Python Documentation to document what it
>> tests and what a failure indicates.
>>
>> 2. A list of those tests.
>>
>> 3. A driver that connects to a server, retrieves version information
>> etc, and then runs the tests one at a time until they have already
>> been run. It should then report the statistics, and in particular list
>> all the tests that fail.
>>
>> Any other suggestions? Comments.
>
> Nadya has commented on what should be tested, so I'll concentrate on how
> it should be tested.  Look closely at the acl.py tests, and how it is
> built using the TestCase classes, the associated assertions and outputs
> subunit.  In short, just do not re-invent our testing wheel.  Create the
> users and assign privileges using RPC and LDAP, and then test using
> SMB.

Thank you for your feedback, but surely the fact that I was working
within the existing code base and asking people for input suggests
that I am not trying to re-invent any wheels.

-- 
Regards,
Richard Sharpe
(何以解憂？唯有杜康。--曹操)